Bump github.com/buildpacks/lifecycle from 0.16.4 to 0.19.0

[dependabot]

Bumps github.com/buildpacks/lifecycle from 0.16.4 to 0.19.0.

Release notes

Sourced from github.com/buildpacks/lifecycle's releases.

lifecycle v0.19.0

Welcome to v0.19.0, a release of the Cloud Native Buildpacks Lifecycle.

Prerequisites

The lifecycle runs as a normal user in a series of unprivileged containers. To export images and cache image layers, it requires access to a Docker (compatible) daemon or an OCI registry.

Install

Extract the .tgz file and copy the lifecycle binaries into a build image. The build image can then be orchestrated by a platform implementation such as the pack CLI or tekton.

Lifecycle Image

An OCI image containing the lifecycle binaries is available at buildpacksio/lifecycle:0.19.0.

Features

• When using Platform API 0.13 or greater, the exporter accepts a -parallel flag to enable exporting the app image and cache image in parallel (#1247 by @​kritkasahni-google)
• When using Platform API 0.13 or greater, image extensions are no longer experimental (#1295 by @​prashantrewar)
• When using Platform API 0.13 or greater, image extensions may write into a shared or specific context directory (#1276 by @​modulo11)
• Adds support for ppc64le architecture (#1303 by @​matzew)
• Documents -image is a deprecated flag (#1304 by @​ryanbrainard)
• Bumps dependencies (#1226, #1234, #1238, #1259, #1265, #1277, #1279, #1280, #1283, #1281, #1292, #1296, #1310)
• Adds debug statements to the extender (#1298 by @​natalieparellano)
• Updates go to version 1.21.8

Bugfixes

• The lifecycle will always set CNB_TARGET_* variables during detect, build, and generate (#1309 by @​natalieparellano)
• The rebaser when -run-image is not provided will find the run image name in io.buildpacks.lifecycle.metadata instead of performing a no-op (on Platform API 0.12) (#1305 by @​ryanbrainard)
• The creator errors if the detected group (instead of the order) contains extensions (#1246 by @​natalieparellano)
• The exporter zeroes timestamps when adding extension layers to the app image (#1289 by @​natalieparellano)
• The extender will successfully copy extended run image layers even if the original run image has a duplicated top layer (#1306 by @​natalieparellano)

Library Changes

• Consolidates methods that read and write platform spec'd TOML (#1236 by @​natalieparellano)

Full Changelog: buildpacks/lifecycle@v0.18.5...release/0.19.0

Contributors

We'd like to acknowledge that this release wouldn't be as good without the help of the following amazing contributors:

@​c0d1ngm0nk3y, @​jabrown85, @​kritkasahni-google, @​loewenstein, @​matzew, @​modulo11, @​natalieparellano, @​pbusko, @​phil9909, @​prashantrewar, @​ryanbrainard

lifecycle v0.19.0-rc.3

... (truncated)

Commits

• 548854f Fix post release workflow by calculating sha for linux-ppc64le (#1311)
• f25f22c Bump the go-dependencies group with 2 updates (#1310)
• de7bcf5 Update fixtures for exporter acceptance test (#1307)
• 1148b71 Always set CNB_TARGET_* variables during detect, build, and generate (#1309)
• f3f292c When copying extended run image layers, use the original number of layers (#1...
• 41d885b refactor phase/generator_test.go (#1301)
• 73af3c1 Fix rebase run-image resolution (#1305)
• f885774 Document deprecatedRunImage as deprecated (#1304)
• 553c041 refactor phase/extender_test.go (#1297)
• 2d2da0b Fix typo (#1299)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #1587.